Featured Galleries USUBC COLLECTION OF OVER 160 UKRAINE HISTORIC NEWS PHOTOGRAPHS 1918-1997 Holodomor Posters
Significant opportunities exist to transform Sarbanes-Oxley compliance functions
Ernst & Young, Kyiv, London, 7 September 2011
Kyiv, London, 7September 2011: Companies can reduce their Sarbanes-Oxley (SOX) compliance challenges and find opportunities for operational improvement, according to a new report ‘Thinking outside the SOX box’ by Ernst & Young.
The survey of 225 global executives uncovers key concerns and challenges of SOX compliance and proposes methods to potentially reduce costs, make and apply quicker decisions and free up resources for strategic initiatives. Thinking outside the SOX box reveals four actions companies can take to create fundamental advantages in their sectors: automate testing, off-shore for lower-cost resources, leverage IT investment, innovate strategically.
Gerry Dixon, Ernst & Young Global Risk Leader, says: “Many organizations still treat the SOX function as a difficult compliance exercise. There is an opportunity to channel innovative approaches and practices, which can help a company build value into its operations. Strategic evaluation and realignment of SOX execution can directly impact decision making and efficiency; enhancing competitive advantage.”
According to the survey, only 3% of executives have fully automated more than half of their key controls. More than a third (35%) indicated they had more than 1000 controls, with 61% of respondents spending at least five hours just testing each control. Almost 40% of executives surveyed consider one of their major SOX challenges to be cost. In fact, 37% of respondents spend up to US$2 million on SOX testing, and 14% spend up to US$5 million every year on SOX overall.
Dixon adds: “Testing is the most time-consuming process related to SOX controls. Most respondents agree automation would free up both time and money.”
Half of the survey respondents said they use outside providers for some part of their SOX compliance. That said, 81% of executives surveyed said that internal audit was involved with SOX in some capacity. Moreover, 40% of indicated their internal audit department devoted at least a quarter of their budget and capacity to SOX testing alone, even as 66% of respondents used outside resources for testing.
Viktoriya Shmuratko, Manager, Business Risk Advisory Services, Ernst & Young in Ukraine, comments: “Our experience demonstrates that companies most successful in attestation of internal controls systems are those, where management is truly interested in controlled and transparent operation of main functions and processes. In such companies, internal control is not «art for art’s sake», but an instrumental management tool, which is continually strengthened and improved.
“Significant role in the development of internal controls systems resides with an effective internal audit function. Through execution of an annual plan based on a regular risk assessment, internal audit emphasizes high priority areas regarding improvement of internal controls system."
Survey respondents suggest reducing costs by automating and off-shoring SOX-related activities, thereby allowing in-house resources to be applied more strategically. Off-shoring is cited for its fit in follow-the-sun operations to create even more efficiency, though only a very small percent of respondents use offshore resources for SOX processes.
A small percentage of those surveyed use innovative IT techniques to manage SOX compliance, such as data analytics regularly (21%); 12% use predictive modeling; 65% do not use third-party applications to automate continuous controls monitoring and 90% of survey participants still use Excel ® for their scoping exercise.
Dixon comments: “According to our report, IT investment can be a tremendous asset in gaining a competitive advantage and be beneficial when applied to SOX functions. Certainly, increasing automation will help drive down the cost and effort to comply with SOX. But let’s be clear: leveraging your IT investment goes far beyond turning on various automated controls in the systems and automating testing. There is a real opportunity to use technology more strategically.”
More than half (52%) surveyed said they conducted an innovation exercise regarding SOX in the last year. Interestingly though, 58% do not use Control Self-Assessment, 63% do not use peer reviews and only 52% of respondents incorporate SOX into enterprise risk management.
Creating more entity-level controls is another way to apply innovation to SOX yet, 94% of survey respondents stated that less than a quarter of their key controls were entity-level controls.
Bob Cullen. Ernst & Young Global Internal Control Leader, concludes: “One effectively designed and robust entity-level control can significantly reduce the number of manual transactional level controls tested. Companies can significantly reduce the testing workload by focusing on top-down critical risks and designing effective entity-level controls.”
For a full copy of the report and survey results, please visit our web-site.
About Ernst & Young
Ernst & Young is a global leader in assurance, tax, transaction and advisory services. Worldwide, our 141,000 people are united by our shared values and an unwavering commitment to quality. We make a difference by helping our people, our clients and our wider communities achieve their potential.
Ernst & Young established its practice in Ukraine in 1991. Ernst & Young Ukraine now employs more than 500 professionals providing a full range of services to a number of multinational corporations and Ukrainian enterprises. For more information, please visit www.ey.com/ua.
Ernst & Young refers to the global organization of member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.